I am trying to verify the SHA1 checksum after downloading the gpg4win-2.3.3.exe on Windows10 desktop via the File Checksum Integrity Verifier (FCIV).
Couple of days back I was continuously (downloaded the same file multiple times) getting a different :
SHA1 checksum as opposed to that published on the web-site :
When I did the same thing today, I got the same SHA1 checksum on the file as published on the web-site on the first go. A minute later, I am getting the old SHA1 checksum : 17a2b75f3ee06908b9d82f3d892baf82 gpg4win-2.3.3.exe on the same file.
I am not sure what is happening. Could anyone help me with this.
2.txt (111 Bytes)
note that the exe comes code-signed, so verifying the file length and checksum is an additional check (that can be good for certain situations where you only want to see if the transport was done correctly for instance).
is the md5 checksum of the file, which is shorter than sha1. So my idea is: Somehow your File Checksum Integrity Verifier (FCIV) seem to calculate the md5 checksum instead of the sha1 sum. You could try the command listed here https://wiki.gnupg.org/TroubleShooting
We took your message as an intention to create a page in the wiki on how to check the integrity of the downloaded packages (https://wiki.gnupg.org/Gpg4win/CheckIntegrity). If you have further questions or improvements on the page, feel free to ask or add them to the page.
Issue resolved. Thanks a lot Bernard & Jochen.